Leveraging Machine Learning Approach to Setup Software Defined Network (SDN) Controller Rules During DDoS Attack
Authors: Sajib Sen, Kishor Datta Gupta, and Md Manjurul Ahsan
4/30/18
Introduction
Figure 1: Different planes and network application in SDN [1]
Figure 2: Reactive traffic flow set-up in SDN [1]
[1] Niyaz Q, Sun W, Javaid AY, and Alam M. A deep learning approach for network intrusion detection system. International conference wireless networks and mobile communications (WINCOM), pages 258–263, 2016
Introduction
Figure 3: OpenVSwitch architecture
Figure 4: Packet flow
Introduction
Figure 5: sFlow-RT interface
Introduction
Figure 6: Traffic monitoring
Figure 7: Event handling
Implementation:
• To create a virtual network SDN topology:
• sudo mn --controller=remote,ip=127.0.0.1,port=6653 --topo=single,3 --mac --switch ovsk
• This tells Mininet to start up a 3-host, single-switch (OpenVSwitch-based) topology, set the MAC address of each host equal to its IP, and point to a remote controller which defaults to the localhost.
Implementation:
Figure 8: Setting of Virtual SDN
Flow rules set up in SDN controller:
# sudo ovs-ofctl add-flow s1 in_port=1,actions=output:2
# sudo ovs-ofctl add-flow s1 in_port=2,actions=output:1
This will forward packets arriving at port 1 to port 2 and vice versa.
Implementation:
• To connect OpenVSwitch to sFlow-RT analyzer:
• sudo ovs-vsctl -- --id=@sflow create sflow agent=eth0 target="127.0.0.1:6343" sampling=10 polling=20 -- set bridge s1 sflow=@sflow
• Here the OpenVSwitch has been connected to sFlow-RT with eth0 as agent and flow switch as s1.
• To start sFlow-RT, run ./sFlow-rt/start.sh; to check the topology of the Mininet network in sFlow-RT, visit:
• http://localhost:8008/metric/127.0.0.1/html
• http://localhost:8080/ui/pages/index.html
Implementation:
• xterm h1 h2
• on h1 terminal: "python -m SimpleHTTPServer 80 &"
• on h2 terminal: "ping 10.0.0.1"
Figure 9: Ping request to node h1
Implementation:
Figure 10: Network packet information in Wireshark
Implementation:
Figure 11: Packet flow in s1-eth0 interface
Implementation:
Data Description:
| No. | Features | Description |
| --- | --- | --- |
| 1 | Service | network service on the destination, e.g., http, telnet, etc. |
| 2 | Header length | Length of Header data |
| 3 | Flags | normal (0) or error (1) status of the connection |
| 4 | TTL | Time to Live |
| 5 | Protocol | type of the protocol, e.g. tcp, udp, etc. |
| 6 | Data bytes | Bytes of data needed for certain protocol |
| 7 | Epoch Time | Time to complete one epoch |
| 8 | Reply Response Time | Time to give response |
| 9 | Land | 1 if connection is from/to the same host/port; 0 otherwise |
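The per-packet features listed above, derived from raw IPv4 bytes (an added example, not the authors' code). The capture is constructed; treating Data bytes as the IPv4 payload length and pairing ICMP echo request/reply to get Reply Response Time are assumptions, and the Flags feature is not derived.

```python
import socket
import struct

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def icmp_packet(src, dst, icmp_type, seq, ttl=64, payload=b"\x00" * 56):
    """Build a constructed IPv4+ICMP echo packet (checksums left at zero)."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, seq) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, ttl, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + icmp

def extract_features(capture):
    """capture: list of (epoch_time, raw IPv4 bytes) -> one feature row per packet."""
    pending, rows = {}, []          # echo requests still waiting for a reply
    for ts, pkt in capture:
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            continue                # not a complete IPv4 header: skip
        ihl = (pkt[0] & 0x0F) * 4
        total_len, = struct.unpack("!H", pkt[2:4])
        if ihl < 20 or total_len < ihl or len(pkt) < total_len:
            continue                # inconsistent length fields: skip
        ttl, proto = pkt[8], pkt[9]
        src, dst = pkt[12:16], pkt[16:20]
        body = pkt[ihl:total_len]
        row = {"epoch_time": ts, "header_length": ihl, "ttl": ttl,
               "protocol": PROTO.get(proto, str(proto)),
               "data_bytes": len(body), "service": None,
               "land": int(src == dst), "reply_time": None}
        if proto in (6, 17) and len(body) >= 4:
            sport, dport = struct.unpack("!HH", body[:4])
            row["service"] = dport
            row["land"] = int(src == dst and sport == dport)
        elif proto == 1 and len(body) >= 8:
            icmp_type, _, _, ident, seq = struct.unpack("!BBHHH", body[:8])
            if icmp_type == 8:      # echo request: remember it
                pending[(src, dst, ident, seq)] = row
            elif icmp_type == 0:    # echo reply: close the matching request
                req = pending.pop((dst, src, ident, seq), None)
                if req is not None:
                    req["reply_time"] = ts - req["epoch_time"]
        rows.append(row)
    return rows

# Constructed capture: one answered ping, one unanswered ping, one land packet.
SAMPLE_CAPTURE = [
    (100.00, icmp_packet("10.0.0.2", "10.0.0.1", 8, seq=1)),
    (100.25, icmp_packet("10.0.0.1", "10.0.0.2", 0, seq=1)),
    (100.50, icmp_packet("10.0.0.3", "10.0.0.1", 8, seq=1, ttl=32)),
    (100.75, icmp_packet("10.0.0.1", "10.0.0.1", 8, seq=2)),
]

if __name__ == "__main__":
    for row in extract_features(SAMPLE_CAPTURE):
        print(row)
```

Echo requests whose reply_time stays empty are the ones the target never answered, which is the signal that grows during a ping flood.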
Implementation:
• DDoS flood attack:
• ping -f 10.0.0.1 command from different MiniNet hosts.
• Besides creating the flood attack manually, a payload was created with Python code using the scapy library.
Figure 12: DDoS Attack
Implementation:
Figure 13: Ping flood attack to node h1
Implementation:
Figure 14: Ping flood packet data in Wireshark
Implementation:
Figure 15: DoS attack in sFlow-RT
Result and Observation:
| No | Techniques | Precision | Recall | F-Measure | ROC Area |
| --- | --- | --- | --- | --- | --- |
| 1 | Bayes Net | 0.889 | 0.885 | 0.885 | 0.863 |
| 2 | Naïve Bayes | 0.731 | 0.705 | 0.693 | 0.707 |
| 3 | Multilayer Perceptron | 0.836 | 0.836 | 0.836 | 0.834 |
| 4 | Support Vector Machine (kernel=3) | 0.853 | 0.852 | 0.852 | 0.853 |
| 5 | AdaBoost (Decision Stump as weak classifier) | 0.934 | 0.934 | 0.934 | 0.887 |
| 6 | J48 decision tree | 0.903 | 0.902 | 0.901 | 0.880 |
| 7 | Random Forest | 0.837 | 0.836 | 0.836 | 0.899 |
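How a boosted decision-stump classifier, the technique with the best F-measure in the results above, could drive switch rules (an added example, not the authors' code). The per-source features (packets per second, share of unanswered echo requests), the training and live windows, and the drop-rule priority and timeout are all constructed assumptions; the commands are only returned as strings.

```python
import ipaddress
import math

# Constructed training windows: [packets_per_second, unanswered_ratio]; +1 = flood.
TRAIN_X = [[2, 0.0], [5, 0.0], [1000, 0.0], [1, 1.0],
           [900, 0.9], [1500, 1.0], [950, 0.95]]
TRAIN_Y = [-1, -1, -1, -1, 1, 1, 1]

def stump_predict(stump, x):
    f, thr, sign = stump
    return sign if x[f] > thr else -sign

def best_stump(X, y, w):
    """Return (weighted_error, stump) for the one-feature threshold with least error."""
    best = None
    for f in range(len(X[0])):
        for thr in sorted({x[f] for x in X}):
            for sign in (1, -1):
                stump = (f, thr, sign)
                err = sum(wi for wi, x, yi in zip(w, X, y)
                          if stump_predict(stump, x) != yi)
                if best is None or err < best[0]:
                    best = (err, stump)
    return best

def train_adaboost(X, y, rounds=3):
    """Discrete AdaBoost over decision stumps; returns [(alpha, stump), ...]."""
    w = [1.0 / len(X)] * len(X)
    model = []
    for _ in range(rounds):
        err, stump = best_stump(X, y, w)
        err = min(max(err, 1e-10), 1 - 1e-10)   # avoid log(0) on a perfect stump
        alpha = 0.5 * math.log((1 - err) / err)
        model.append((alpha, stump))
        # Raise the weight of misclassified windows, lower the rest, renormalise.
        w = [wi * math.exp(-alpha * yi * stump_predict(stump, x))
             for wi, x, yi in zip(w, X, y)]
        total = sum(w)
        w = [wi / total for wi in w]
    return model

def is_flood(model, x):
    return sum(a * stump_predict(s, x) for a, s in model) > 0

def drop_rules(model, windows, switch="s1", priority=40000, idle_timeout=60):
    """Turn flagged sources into ovs-ofctl commands (returned, not executed)."""
    rules = []
    for src, feats in sorted(windows.items()):
        ipaddress.IPv4Address(src)   # reject anything that is not a plain IPv4 address
        if is_flood(model, feats):
            # priority must exceed ovs-ofctl's default 32768, which the in_port
            # forwarding flows get, or the drop rule is never consulted.
            rules.append(f"ovs-ofctl add-flow {switch} priority={priority},icmp,"
                         f"nw_src={src},idle_timeout={idle_timeout},actions=drop")
    return rules

# Constructed live windows keyed by source address.
LIVE = {"10.0.0.2": [1100, 0.97], "10.0.0.3": [3, 0.0], "10.0.0.4": [980, 0.0]}

if __name__ == "__main__":
    for rule in drop_rules(train_adaboost(TRAIN_X, TRAIN_Y), LIVE):
        print(rule)
```

No single stump separates the training windows (a busy but answered source and a lone lost ping each defeat one feature), so the three boosted stumps together are what keep 10.0.0.4 from being blocked.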
Result and Observation
Figure: Comparison of F-measure Among Classifier (bars for Bayes Net, Naïve Bayes, Multilayer Perceptron, Support Vector Machine (kernel=3), AdaBoost (Decision Stump as weak classifier), J48 decision tree, Random Forest; axis 0 to 1)
Conclusion
• Virtual SDN testbed environment has been created.
• DoS attack performed on the network.
• Data collected for both normal and attack scenarios.
• Models trained and performance compared across different classifiers.
Thank you